Release Notes for Cisco Prime Network Registrar 8.0

Revised: December 26, 2011, OL-24398-01

Cisco Prime Network Registrar comprises four components: an IP address management application, a Domain Name System (DNS) protocol service, a Caching DNS service, and a Dynamic Host Configuration Protocol (DHCP) service.

Cisco offers these components as individually licensable applications or in a mix of suites.

These release notes describe the new software features, software and standards compatibility, interoperability, and important notes for Cisco Prime Network Registrar 8.0.

Introduction

Cisco Prime Network Registrar is one of the Prime suite of network solution products. The Cisco Prime portfolio offerings empower IT organizations to more effectively manage their networks and the services they deliver. Built on a service-centric foundation, the Cisco Prime portfolio of products supports integrated lifecycle management through an intuitive workflow-oriented user experience and a set of common operational attributes.

Before you Begin

Note If you are migrating to Cisco Prime Network Registrar 8.0 from an earlier version of Cisco Network Registrar, you must review the Release Notes for the releases that occurred in between, to fully understand all the changes.

Software and Standards Compatibility

With the features introduced in this release, the software conforms to the following additional documents:

When purchasing the full complement of Cisco Prime Network Registrar components, customers will receive a separate license package for IPAM and another separate license for Cisco Prime Network Registrar DHCP and DNS components.

To install and manage DHCP, DNS, and Caching DNS licenses, customers must establish a Regional server. The Regional server is used to install, count, and manage licensing for these components. The Cisco Prime Network Registrar IPAM license is installed separately and does not require the use of the Regional server.

The synchronizing operation between 8.0 and pre-8.0 local clusters must be done from an 8.0 local cluster. Cisco Prime Network Registrar 8.0 protocol servers interoperate with versions 7.2, 7.1, 7.0, and 6.3.x. Cisco Prime Network Registrar 8.0 will not support interoperability with the versions before 6.3.x.

Installing the Cisco Prime Network Registrar SDK

This section documents how to install the Cisco Prime Network Registrar SDK on the Linux, Solaris, and Windows platforms. Before installing the SDK, ensure that you have Java Runtime Environment (JRE) 5.0 (1.5.0_06) or later, or the equivalent Java Development Kit (JDK), installed on your system.

Installing on Linux or Solaris

To install the Cisco Prime Network Registrar SDK on a Linux or Solaris platform:

Step 1 Extract the contents of the distribution .tar file.

a. Create the SDK directory:

% mkdir /cnr-sdk

b. Change to the directory that you just created and extract the .tar file contents:

Installing on Windows

To install the Cisco Prime Network Registrar SDK on a Windows platform:

Step 1 Extract the contents of the distribution .tar file.

a. Create the SDK directory:

> md c:\cnr-sdk

b. Change to the directory that you just created and extract the .tar file contents:

> c:

> cd \cnr-sdk

> tar xvf sdk_tar_file_location\cnrsdk.tar

You may optionally use WinZip to extract cnrsdk.tar to the C:\cnr-sdk directory.

Step 2 Set your PATH and CLASSPATH variables:

> set PATH=%PATH%;c:\cnr-sdk\lib

> set CLASSPATH=c:\cnr-sdk\classes\cnrsdk.jar;.

Testing Your Installation

On Linux or Solaris, the following test program verifies that you have set your PATH or LD_LIBRARY_PATH correctly:

% java -jar /cnr-sdk/classes/cnrsdk.jar

On Windows, the following test program verifies that you have set your CLASSPATH correctly:

> java -jar c:\cnr-sdk\classes\cnrsdk.jar

Compatibility Considerations

For Java SDK client code developed with an earlier version of the SDK, you can simply recompile most code with the latest JAR file to connect to an upgraded server.

But in cases where the client code for versions before 7.1 directly manipulates reservation lists in scopes or prefixes, changes are required. These changes are required because the embedded reservation lists in both scopes and prefixes are no longer used. Beginning with version 7.1, individual reservations are stored separately and reference the parent scope or prefix by name.

The new design provides the following benefits:

•Reservation edits (add/modify/delete) do not require a scope or prefix edit.

•Reservations can be indexed directly to allow quick search and retrieval.

•Edits to scopes or prefixes with a large number of reservations no longer result in large scope or prefix change entry logs.

No changes are required for client code that adds or removes reservations using the addReservation or removeReservation methods. However, these methods are now deprecated because the edit functionality is replaced and extended by the general addObject, modifyObject, removeObject, addObjectList, modifyObjectList, and removeObjectList methods.

Software Features Added in Release 8.0

This section describes the most important changes made in Cisco Prime Network Registrar 8.0.

•Determine the security status of all the Resource Records (RR) that are retrieved

•Handle DNSSEC related requests and response flag bits

DNS64 functionality for the Caching Only DNS server is implemented based on RFC 6147. DNS64 with NAT64 provides access to the IPv4 Internet and servers for hosts that have only an IPv6 address. DNS64 is a mechanism for synthesizing IPv6 RRs from IPv4 RRs. An IPv6 RR synthesized using DNS64 contains the same owner name as the original IPv4 RR and an IPv6 address instead of an IPv4 address.
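An added example (not Cisco code and not part of these release notes) of the synthesis described above: it embeds an IPv4 address in a DNS64 prefix using the RFC 6052 address format that RFC 6147 relies on. It goes beyond the paragraph by handling every permitted prefix length and by returning existing AAAA data unsynthesized, as RFC 6147 specifies; the function names and sample records are constructed for illustration.

```python
import ipaddress

# Well-Known Prefix defined by RFC 6052 for algorithmic IPv4/IPv6 mapping.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
# RFC 6052 permits only these prefix lengths for IPv4-embedded addresses.
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)


def embed_ipv4(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv6Address that carries `ipv4` inside `prefix` (RFC 6052)."""
    net = ipaddress.IPv6Network(prefix)  # raises ValueError if host bits are set
    if net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError("DNS64 prefix length must be one of %r" % (ALLOWED_LENGTHS,))
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:  # bits 64-71 (the "u" octet) are reserved and stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def dns64_answer(owner, aaaa_addrs, a_addrs, prefix=WELL_KNOWN_PREFIX):
    """Build the AAAA answer a DNS64 resolver returns for `owner`.

    Each record is (owner, "AAAA", address, synthesized). Real AAAA data is
    passed through untouched; synthesis happens only when none exists, and the
    synthesized record keeps the owner name of the original A record.
    """
    if aaaa_addrs:
        return [(owner, "AAAA", str(ipaddress.IPv6Address(a)), False)
                for a in aaaa_addrs]
    return [(owner, "AAAA", str(embed_ipv4(a, prefix)), True) for a in a_addrs]


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    print(dns64_answer("v4only.example.", [], ["192.0.2.33"]))
    print(dns64_answer("dual.example.", ["2001:db8::1"], ["192.0.2.1"]))
    print(embed_ipv4("192.0.2.33", "2001:db8:100::/40"))
```

Flagging synthesized records separately from native ones matters when reviewing resolver logs, because a synthesized AAAA address always maps back to a specific IPv4 destination behind the NAT64 prefix.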

Enhanced IP Address Management (IPAM)

With new IP services and technologies being deployed in IP networks, it is important to have seamless IP address management functionality and rapid name resolution. Cisco Prime Network Registrar 8.0 provides an enhanced IP address management (IPAM) system, which is a next generation, centralized IPAM system. The centralized IPAM system enables service providers and enterprises to take control of their IP address space and manage it according to their own policies and procedures. Cisco Prime Network Registrar IPAM provides a Web Services API for integrating IPAM into broader service-level management tools (see New Web Services API).

Using the enhanced IPAM, organizations can improve the operational efficiency by:

Componentized Licensing

Before Cisco Prime Network Registrar 8.0, Cisco Network Registrar was licensed as a single system with a single license type called ip-node. With the introduction of Cisco Prime Network Registrar 8.0, the licensing is done according to the services that you require. Cisco Prime Network Registrar 8.0 provides separate licenses for Central Configuration Management (CCM), Authoritative DNS, Caching DNS, DHCP, and IPAM services or for combinations of these services.

Cisco Prime Network Registrar DHCP, DNS, and Caching DNS components are licensed and managed from the Regional server. All services in the local clusters are licensed through the regional cluster. Only a regional install asks for a license file, and only the regional server accepts new license files. Then the regional server can authorize individual local clusters based on available licenses.

Cisco Prime Network Registrar IPAM is licensed separately from Cisco Prime Network Registrar DHCP, DNS, and Caching DNS. When installing IPAM you will be asked to install as a separate process using a separate license key. To receive the IPAM license, you must purchase Cisco Prime Network Registrar IPAM either individually or as part of a Cisco Prime Network Registrar suite.

For more details on licensing, see the "License Files" section in the Overview chapter of the Installation Guide for Cisco Prime Network Registrar 8.0.

Following are the advantages of componentized licensing in Cisco Prime Network Registrar 8.0:

As in previous releases of Cisco Network Registrar, if you exceed the count of nodes licensed for either DHCP or DNS, the servers will continue to answer client requests. You will be notified that such a situation exists whenever you interact with the user interface.

Enhanced High-Availability DNS

Using the Enhanced High-Availability DNS servers, the Cisco Prime Network Registrar 8.0 allows zone-level locking while the servers are synchronizing. This allows the servers in other zones to receive dynamic updates while the servers in the locked zone are synchronizing. The High-Availability DNS for 8.0 is not compatible with prior versions of Cisco Network Registrar HA-DNS.

For more details on enhanced HA DNS, see the "High-Availability DNS" section in the Introduction to the Domain Name System chapter of the User Guide for Cisco Prime Network Registrar 8.0.

In earlier releases, both authoritative and recursive/caching DNS functionalities were provided by a single DNS server. With this new feature, the functionality is split into two servers: the existing DNS server becomes purely an authoritative DNS server, and the Caching DNS server introduces dedicated recursive/caching services with its own configuration. For more information on Authoritative and Caching DNS servers, see the Managing Authoritative and Caching DNS Server Properties chapters of the User Guide for Cisco Prime Network Registrar 8.0.

New Web Services API

Cisco Prime Network Registrar IPAM provides a Web Services API for integrating IPAM into broader service-level management tools. This is an important feature since IPAM, critical as it is, is one component of an overall IP network management architecture.

For example, incorporation of service-oriented IPAM into an enterprise-wide ITIL initiative aligns service-oriented IPAM with the service-oriented IT organization. An IPAM system can support configuration management and configuration management database (CMDB) functions for IPAM information, as well as support of other key ITIL processes such as change management, incident management, capacity management, release management, and others.

Limitations and Restrictions

•SNMP returns errors for deprecated DNS statistics. Some authoritative DNS related MIB entries, corresponding to deprecated server statistics, return empty data when accessed. These errors cause snmpget to report a bad value and snmpwalk operations to be aborted. See the bug report for further details.

•There is a new chart that was added to the Dashboard for Caching DNS called "Caching DNS General Indicators". This chart currently does not populate the values for Last Reload, Start Time and Total RRs. Only the server state is displayed. It is recommended not to select this chart type for display.

•The Regional Pull Replica Address Space fails when reservations are being pulled for new failover-pair objects. This problem occurs only if there is a new failover-pair and one or more reservations associated with that failover-pair.

To work around this issue, repeat the operation twice—first checking Omit Reservations and then without checking Omit Reservations. After the failover-pairs have been pulled, subsequent pull replica address space operations will work correctly.

•In situations where a DHCPv6 server supports clients with multiple leases, the demand on server memory increases. DHCPv4 supports only one lease per client, while DHCPv6 supports multiple leases. Therefore, a server running DHCPv6 cannot support as many leases (clients) as the same server running DHCPv4. For example, one DHCPv6 client might require 2,500 bytes of space compared to 1,000 bytes per DHCPv4 client. This means that a machine that would support one million DHCPv4 clients supports only 400,000 DHCPv6 clients. We recommend that you allow three times the memory for DHCPv6 clients as you would for DHCPv4.

You must:

–Be aware of how many prefixes per link are configured. If the configuration has two prefixes on a link, then with default configuration parameters, you have to cut in half the number of clients.

–Use care if you enable inhibit-all-renews. When enabled, each client would use at least two leases, and perhaps three, depending on the grace and affinity times per prefix.

–Deployment and Collection from Backup server of DHCP Failover Pair is not supported. These tasks should be performed only on DHCP Main server.

•Some distributions of Red Hat provide incompatible versions of OpenLDAP libraries. If the expected version of the libraries does not exist, the DHCP server is unable to start.

To find the required version of the OpenLDAP library, run ldd /opt/nwreg2/local/bin/dhcp.

To determine whether the DHCP server is failing to start:

–Review the logs/agent_server_1_log file. If it shows frequent "... 08012 server agent loading 'dhcp' ..." messages and there are no name_dhcp_1_log files (or new entries in the log file), then there could be an OpenLDAP version mismatch.

–Enter the following commands:

bash

export LD_LIBRARY_PATH=/opt/nwreg2/local/lib

/opt/nwreg2/local/bin/dhcp -v

If the dhcp -v command displays a message that libraries (ldap and lber) cannot be found, then you have a Red Hat release with different LDAP libraries.

There are two workarounds for this issue:

–If the DHCP server is not needed in your environment, you should disable the DHCP server from starting. To do this, use the nrcmd dhcp disable start-on-reboot command, and restart Cisco Prime Network Registrar.

–If the DHCP server is needed, create symbolic links to the OpenLDAP libraries available on your system. For example:

ln -s /lib/libldap_r-2.4.so.2.5.6 /lib/libldap_r-2.3.so.0

ln -s /lib/liblber-2.4.so.2.5.6 /lib/liblber-2.3.so.0

Depending on the Red Hat version, you must replace the first file path in each example with the proper version for the libraries.

ldd /opt/nwreg2/local/bin/dhcp shows the versions that DHCP expects (these are the second file paths in the above ln commands):

libldap_r-2.3.so.0 => /lib/libldap_r-2.3.so.0 (0x00a81000)

liblber-2.3.so.0 => /lib/liblber-2.3.so.0 (0x04e65000)

Important Notes

This section contains important information related to this software release that was unavailable when the user documentation was completed. This section describes:

Correcting the Time Skew Between Local and Regional

Include a network time service in your configuration to avoid time differences between the local and regional clusters. This method ensures that the aggregated data at the regional server appears consistently. The maximum allowable time drift between the regional and local clusters is five minutes. If the time skew exceeds five minutes, then the installation process will not be able to correctly register the server with the regional. In this case, unset and set the password on the regional cluster, and sync again.

Displaying Cisco Prime Network Registrar Processes that are Running

To display the Cisco Prime Network Registrar processes that are running on a Linux or Solaris platform, do the following:

Step 2 Run the following command to display the open IPv4 ports. The ports and the associated processes are listed based on pid.

# lsof -i4

Run the following command to display the open IPv6 ports. The ports and the associated processes are listed based on pid.

# lsof -i6

Step 3 Compare the pids in Step 1 and the pids in Step 2, to determine all the open ports from any Cisco Prime Network Registrar process.

To display the Cisco Prime Network Registrar processes that are running on a Windows platform, do the following:

Step 1 Run the following command:

> wmic process get name,processid,parentprocessid

Step 2 Find the process cnrservagt, and determine its process ID from the processid column.

Step 3 Find all the processes which have the process ID of cnrservagt in the ParentProcessId column. These are the processes that are specific to Cisco Prime Network Registrar (including the process cnrservagt).

The cnrservagt process is the process which is the parent of all of the other processes in Cisco Prime Network Registrar.

Step 4 Enter the following command:

> netstat -ao

This lists the open ports based on the process ID. Use the process IDs determined from Step 3 to access the information that results from running the above command netstat -ao, to determine all the open ports from any process that is a part of the Cisco Prime Network Registrar.

You can also get some information about the running Cisco Prime Network Registrar processes on all platforms using the Web UI Dashboard. The Dashboard element System Metrics displays some information about the Cisco Prime Network Registrar processes that are running.
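The Windows procedure above (Steps 1 to 4), as an added example that is not Cisco code: it joins the wmic process list with the netstat -ao socket list to report only the ports held by cnrservagt and its direct children. The sample output is constructed, including the process names other than cnrservagt and ccmsrv, the PIDs and the ports; it assumes wmic prints its columns as Name, ParentProcessId, ProcessId.

```python
def parse_wmic(text):
    """Return {pid: (name, parent_pid)} from the Step 1 wmic output."""
    procs = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 2)  # names may contain spaces; the ids come last
        if len(parts) == 3 and parts[1].isdigit() and parts[2].isdigit():
            procs[int(parts[2])] = (parts[0].strip(), int(parts[1]))
    return procs


def parse_netstat(text):
    """Return [(pid, proto, local_address, state)] from `netstat -ao` output."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
            socks.append((int(f[-1]), f[0], f[1], state))
    return socks


def cnr_open_ports(wmic_text, netstat_text, agent="cnrservagt"):
    """Steps 2-4: sockets owned by the agent process or one of its children."""
    procs = parse_wmic(wmic_text)
    agent_pids = {pid for pid, (name, _) in procs.items()
                  if name.lower() in (agent, agent + ".exe")}
    cnr = {pid: name for pid, (name, ppid) in procs.items()
           if pid in agent_pids or ppid in agent_pids}
    return sorted((pid, cnr[pid], proto, local, state)
                  for pid, proto, local, state in parse_netstat(netstat_text)
                  if pid in cnr)


# Constructed sample output; ports are illustrative, not product defaults.
WMIC_SAMPLE = """\
Name                 ParentProcessId  ProcessId
System Idle Process  0                0
services.exe         520              612
svchost.exe          612              900
cnrservagt.exe       612              2104
ccmsrv.exe           2104             2260
dhcp.exe             2104             2312
java.exe             2104             2440
"""

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address    Foreign Address  State      PID
  TCP    0.0.0.0:135      host1:0          LISTENING  900
  TCP    0.0.0.0:8080     host1:0          LISTENING  2440
  TCP    0.0.0.0:8443     host1:0          LISTENING  2260
  UDP    0.0.0.0:67       *:*                         2312
"""

if __name__ == "__main__":
    for row in cnr_open_ports(WMIC_SAMPLE, NETSTAT_SAMPLE):
        print(row)
```

Comparing this list against the services you actually need gives the set of server-agent processes that are candidates for disabling.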

Turning off Cisco Prime Network Registrar Processes

The nrcmd program has the server disable start-on-reboot and server enable start-on-reboot commands (for example, dhcp disable start-on-reboot) to control whether the DHCP, DNS, SNMP, and TFTP servers are started automatically or not.

With Cisco Prime Network Registrar 8.0, nrcmd has the (expert mode, visibility 3) server-agent command which can be used to control the various processes that Cisco Prime Network Registrar runs. For example:

nrcmd> session set visibility=3

100 OK

nrcmd> server-agent dhcp get enabled

100 Ok

enabled=true

nrcmd> server-agent dhcp disable enabled

100 Ok

nrcmd> dhcp get start-on-reboot

100 Ok

start-on-reboot=disabled

nrcmd> server-agent dhcp enable enabled

100 Ok

nrcmd> dhcp get start-on-reboot

100 Ok

start-on-reboot=enabled

The available servers here are dhcp, dns, ric, snmp, tftp, and tomcat. The Cisco Prime Network Registrar cnrservagt and ccmsrv processes are not optional and should always be run.

Note You should use the approach appropriate for your operating system to turn off other services that are not required.

Changes to client_mac_addr Attribute

In Cisco Network Registrar 7.1, the Dynamic Lease Notification Client used to throw an exception when adding lease data if the MAC address length was more than six bytes. This was because the database field for the client_mac_addr attribute could accommodate only six-byte MAC addresses.

From Cisco Prime Network Registrar 8.0, the Dynamic Lease Notification Client allows adding lease data for the full range of the possible chaddr field lengths (up to 16 bytes).

Note You should not use pre-existing databases with the 7.2 version of the Dynamic Lease Notification Client because a different exception, 'Data too long for column client_mac_addr', may occur if an attempt is made to store a longer than six byte client_mac_addr value.

Using Simple Failover for Configuring DHCP failover

When you configure DHCP failover, we strongly recommend that you use simple failover (see the "Failover scenarios" section in the Configuring DHCP Failover chapter of the User Guide for Cisco Prime Network Registrar 8.0). While the back office failover and symmetrical failover capabilities are still present, these will not be supported. Also, configuring DHCPv4 failover using any approach other than simple failover will have licensing implications and will most likely require more licenses (or higher node count licenses) than would otherwise be required.

Defects

For the complete list of bugs and the enhancements for this release, see cnr_8_0-buglist.pdf and cnr_8_0-enhancement_list.pdf included with the release. Refer to this list especially for information about fixes to customer-reported issues.

Product Documentation

Note We sometimes update the documentation after original publication. Therefore, you should review the documentation on Cisco.com for any updates.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.